From 80603e03cb21a660f6b886647d8eccd802f28296 Mon Sep 17 00:00:00 2001
From: James Lee
Date: Mon, 26 Dec 2011 14:41:24 -0700
Subject: [PATCH] grab the appropriate shell from mult-platform meterpreters and use /bin/sh instead of /bin/bash for linux to improve compatibility, fixes #5996
---
 .../ui/console/command_dispatcher/stdapi/sys.rb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
index 5d3b92892a..089315831b 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -153,12 +153,21 @@ class Console::CommandDispatcher::Stdapi::Sys
 # Drop into a system shell as specified by %COMSPEC% or
 # as appropriate for the host.
 def cmd_shell(*args)
- if client.platform =~/win/
+ case client.platform
+ when /win/
 path = client.fs.file.expand_path("%COMSPEC%")
 path = (path and not path.empty?) ? path : "cmd.exe"
 cmd_execute("-f", path, "-c", "-H", "-i", "-t")
+ when /linux/
+ # Don't expand_path() this because it's literal anyway
+ path = "/bin/sh"
+ cmd_execute("-f", path, "-c", "-i")
 else
- path = client.fs.file.expand_path("/bin/bash")
+ # Then this is a multi-platform meterpreter (php or java), which
+ # must special-case COMSPEC to return the system-specific shell.
+ path = client.fs.file.expand_path("%COMSPEC%")
+ # If that failed for whatever reason, guess it's unix
+ path = (path and not path.empty?) ? path : "/bin/sh"
 cmd_execute("-f", path, "-c", "-i")
 end
 end
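Review bot: In the new `else` branch the `/bin/sh` fallback only fires when `expand_path("%COMSPEC%")` returns nil or an empty string, so a session that hands the variable back unexpanded would pass the literal `%COMSPEC%` to `cmd_execute`. Whether the php/java implementations can do that is not visible in this hunk, so it should be confirmed or guarded, for example `path = "/bin/sh" if path.nil? || path.empty? || path.include?("%")`. Separately, `when /win/` is unanchored and would also match a platform string containing `darwin`, sending that session down the Windows branch with `-H`/`-t` and the `cmd.exe` fallback. If such a value can occur, tighten the pattern to the Windows platform names the client actually reports. The nil/empty fallback expression now appears twice, in the `/win/` and `else` branches, and could be a small private helper that takes the default path.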